Securimage 3.6.4 has been released to address an XSS vulnerability in example_form.ajax.php (an example included with Securimage), which could allow an attacker to inject arbitrary JavaScript code via a crafted URL. Users directed to the malicious URL could have cookies or other sensitive information exposed, or have more dangerous JavaScript code executed. Thanks to RedTeam for discovering the flaw.

It is recommended to update to 3.6.4 as soon as possible, or delete example_form.ajax.php from your Securimage directory.